If you missed the blog from earlier this week, we are reviewing some important changes coming in the industry related to PCI compliance for businesses that process credit cards. Many clients ask me, “What is TLS and do I need it? It sounds complicated!”
It is not complicated, but you do need to learn a bit more about it, and if you are not using it, you should be. You may have heard of these security acronyms:
SSL = Secure Sockets Layer
TLS = Transport Layer Security, a cryptographic protocol
Early in the transition from phone-line processing to Internet and mobile processing, many websites and payment processing options were designed to process over an Internet connection secured with a protocol called SSL. It became the best way to secure an online transaction and remained the best method of security for nearly 20 years. However, many do not know that as of June 2015, it became obsolete.
Yes, this bears repeating.
Here is where TLS comes in. TLS replaced SSL in June 2015 as the preferred method of online security, because SSL was no longer considered to be PCI compliant for online transactions.
So, what does this mean?
Well, if you are still using this SSL “security,” you should act now and update your online system to TLS. Be sure to ask your IT professional to use the most current version. The last time we checked (just before we posted this blog), TLS 1.3 was released for use as of July 2017. It is not only reported to be more secure than TLS 1.2, it apparently processes faster, too.
Why are we telling you all of this? Many of you, our clients, process credit cards using a terminal or a POS, but many also process them online. If you are not running TLS for those online transactions, you are not PCI compliant and can be at risk of both non-compliance and a security breach.
Not sure if you are compliant? Not sure what to do or who to ask? Start here: all it takes is a simple e-mail.
~ Mary Ann